What is private key cryptography technology
The private key (symmetric key), also known as the symmetric key. The key encryption algorithm uses the same key for encryption and decryption. It has the advantage of very fast encryption and decryption, but it is difficult to distribute and manage keys. The sender and receiver of the information must specify the same key. Therefore, key communication must be performed, which usually requires a more secure channel to transfer the key. In addition, each pair of users need to have their own unique key. Therefore, if a sender communicates with many people, it is necessary to manage many keys. The main symmetric key encryption algorithms are DES, 3DES, RC2, RC4, RC5, Blowtish, and cast. There are des and 3DES commonly used in VPNs. Des is a packet encryption algorithm that uses a 56-bit key to encrypt a 64-bit packet. A 64-bit set of plaintext is entered from one end of the algorithm and 64 bits of ciphertext are output from the other end. The same algorithm is used for encryption and decryption. The 3DES encrypts 3 times with 3 keys, but is much slower.
symmetric (Traditional) cryptosystem is from the traditional simple transposition, instead of the password development, since 1977, the United States issued des Cryptographic algorithm as the United States data encryption standards, symmetric key cryptography has been rapid development, in the countries of the world has been concerned and used. The symmetric key cryptosystem can be divided into sequence cipher and block cipher from the encryption mode.
1. Serial Password
Serial cipher has always been one of the major cryptography techniques used in military and diplomatic situations, and its main principle is to produce pseudo-random sequences with excellent performance through finite state machines, use the sequence to encrypt the flow of information, and (bit-wise) to get ciphertext sequences, so The security strength of the sequence cipher algorithm is determined entirely by the pseudo-random sequence produced by it. There are a number of criteria for measuring a pseudo-random sequence, which are more commonly known as the three conditions of the golamb, the linear complexity of the rueppel, the linear approximation, and the associated immune conditions for the Boolean function that produces the sequence.
One of the main ways to generate good sequence ciphers is to use shift registers to generate pseudo-random sequences, typical methods are:
Feedback Shift Register: Using n-Order nonlinear feedback function to produce large-period nonlinear sequence, such as M sequence, has good cryptographic properties, but the choice of feedback function is difficult, how to produce the whole m sequence is still the world problem.
It is very difficult to control sequence phase and nonlinear Feedforward function by using linear shift register sequence and nonlinear Feedforward function, and the bent sequence is a kind of good sequence, and our scholars have made quite a lot of achievements in the study of feedback sequence and feedforward sequence.
Clock sequence, which uses one register sequence as the clock to control another register sequence (or control itself) to produce a clock sequence with a large linear complexity. Combined network and other sequences, by combining the above methods to produce more complex networks to achieve complex sequences, the cipher nature of this sequence is theoretically more difficult to control. The pseudo-random sequences produced by the method of chaotic theory and cellular automata are used.
The main means of sequence cipher attack are algebraic method and probability statistic method, the combination of which can achieve good results. At present, the order of the Register is more than 100 order to ensure the necessary security.
The advantage of the sequence cipher is that the error scale is small, the speed is fast, the synchronization is good, and the security degree is high.
2. Block password
The block cipher works by dividing the plaintext into fixed-length groups (blocks), such as 64-bit groups, using the same key and algorithm to encrypt each block, and the output is a fixed-length cipher. For example, the input of the DES cipher algorithm is 64-bit plaintext, the key length is 56 bits, and the ciphertext length is 64 bits.
The core technique of designing the block cipher algorithm is to make full use of the nonlinear operation by using simple loop function and alignment arithmetic under the principle that the complex function can iterate several loops through simple functions. Taking the DES algorithm as an example, it uses the 8 S-box and P-permutations designed by the National Security Service, which, after 16 laps, eventually produce 64 bits of ciphertext, and the 48-bit sub-key used by each iteration is generated by the original 56 bits.
The DES algorithm encrypts the plaintext into chunks in 64bit, and then converts each piece of plaintext into the same 64bit cipher block with the key. Des can provide 72,000,000,000,000,000 keys, which can be cracked for 2000 years using a single des-encrypted machine per microsecond. A well-known network security system using DES is Kerberos, developed by MIT, which is the industrial fact standard of identity authentication in network communication.
DES (or other block cipher) algorithms are used in 4 ways, such as electronic encryption (ECB), cipher packet Chaining (CBC), output feedback (OFB), and redaction feedback (CFB).
Des keys have weak keys, semi-weak keys, and complementary keys, and you should be aware of these issues when choosing a key. Des is the biggest attack is its key length only 56 bits, the cost of brute force attack is less than $10 million, 1990 S.biham and A.shamir proposed a differential attack method, using the choice of plaintext 247 attack, finally found the possible key, M.matsui The proposed linear analysis method, using 243 known plaintext, successfully deciphered the 16-lap des algorithm, so far, this is the most effective method of decoding.
Based on the above weaknesses, the DES algorithm has been used in many variants, Triple DES, independent sub-key method, variable S-box and its use order, and generalized gdes. Some of these changes have enhanced the security of cryptographic algorithms, some of which have little effect, and some have weakened the security of DES.
Since the enactment of DES algorithm, there have been a number of cryptographic algorithms around the world, the reason for these algorithms, there are political reasons and technical reasons, countries in the commercial aspects of the need to design their own cryptographic algorithms, can not rely on foreign algorithms, but also because of the DES algorithm weaknesses and software implementation of the bit operation and a large number of permutations, With a design life of only 5 years, higher-strength cryptographic algorithms must be designed to replace DES, which are:
Lucifer algorithm, Madryga algorithm, newdes algorithm, feal-n algorithm, Redoc algorithm, Loki algorithm, Khufu algorithm, Khafre algorithm, RC2 and RC4 algorithm, idea algorithm, MMB algorithm, CA-1.1 algorithm, skipjack algorithm, Karn algorithm and MDC algorithm. Most of these algorithms are patented. Some of these algorithms have been deciphered, some security intensity is inferior to DES, some intensity is higher than DES, some intensity is unknown, still need to be further analyzed. Among them, the security intensity is higher than des algorithm such as RC2 and RC4 algorithm, idea algorithm, skipjack algorithm and so on.
In short, because the symmetric key cryptography system has the advantages of fast decryption, high security strength, it is more and more widely used in military, diplomatic and commercial applications.
What is private key cryptography--Key encryption algorithm uses the same key to encrypt and decrypt